Update: In its official blog post, Binance has said that it has found inconsistencies between the data that is being distributed in the Telegram group and the data in its system.
“At the present time, no evidence has been supplied that indicates any KYC images have been obtained from Binance, as these images do not contain the digital watermark imprinted by our system,” it said.
The exchange has also revealed that an unidentified individual tried to extort 300 BTC from it in exchange for 10,000 photos that bear similarity to Binance KYC data. After Binance refused to give in to the extortion, it seems the individual started distributing the data to the public and to media outlets.
Binance said that it is still investigating this case for legitimacy and relevancy, adding:
“On initial review of the images made public, they all appear to be dated from February of 2018, at which time Binance had contracted a third-party vendor for KYC verification in order to handle the high volume of requests at that time. Currently, we are investigating with the third-party vendor for more information.”
------------------------------------------------------------------------------------------------------
Original Article:
The KYC (Know Your Customer) data of thousands of Binance users have been reportedly hacked and the IDs are being posted in a Telegram chat group, a Twitter user said in a tweet on Wednesday.
BREAKING; Thousands of #Binance users KYC data has been hacked and all ID's are posted in a telegram group chat.... @cz_binance needs to make binance more secure because this, along with the 7000 BTC “hack” a few months back, aren’t making binance look to trustworthy! pic.twitter.com/gh3Kjz8vTg
— Kra₿₿y ???? (@BitKrabs) August 7, 2019
When accessed, the “Find Your Binance KYC” group on Telegram contains several images of people holding their identity cards (such as passports, voter ID, etc.) and a placard saying “Binance” and the date the image was taken, which strangely is February 24, 2018.
In response to the latest development, Binance CEO Changpeng Zhao has issued a statement on Twitter urging users not to fall for the "KYC leak" FUD (fear, uncertainty, doubt). He said that they are currently looking into the matter.
Don't fall into the "KYC leak" FUD. We are investigating, will update shortly.
— CZ Binance (@cz_binance) August 7, 2019
The Telegram group has already gained more than 7300 members and counting. Many Twitter users believe that the KYC details were hacked earlier and are only being posted on the Telegram group now.
In a report published in January, CCN stated that a hacker going by the name “ExploitDOT” was selling leaked KYC data from crypto exchanges on the dark web. This included images of individuals holding up a piece of paper with the word “Binance” and the date the image was taken. In its response to the report, Binance said at the time that it had evidence that the leaked KYC pictures were not from Binance accounts.
“To elaborate, in regards to the image data we collect from our customers during the KYC process, every image that the Binance system processes for KYC purposes is embedded with a hidden Digital Watermark,” Binance said at the time.
Earlier in May, Binance suffered a major hack in which it lost 7000 BTC, worth around $40 million. The exchange assured its users that their funds would not be affected due to this incident and said that it will use the Secure Asset Fund for Users (SAFU fund) for fully covering the losses.
In its latest report on the matter, CryptoSlate said that hackers are moving funds in an “elaborate chain of transactions” to make it difficult to trace them back to the hack. Grant Blaisdell, co-founder and CMO of blockchain analytics firm Coinfirm, told the news portal that hackers sent small amounts of the stolen BTC to six exchanges – Kraken, Huobi, BitX.co (Luno), BTC-Alpha, CoinGate, and BitPay – to check whether the exchanges would detect the stolen funds and freeze them.
The #Binance hacker once again moved the #btc to new addresses! This time all of it according to analysis by https://t.co/CdRIXBaJ5a @amlt_token
— Coinfirm (@Coinfirm_io) May 9, 2019
After we documented the movement of some yesterday(orange) all of the funds 7070.9 BTC ($41.8m) were moved to 7 new addresses(red) pic.twitter.com/4vzVFRb7F4